WikiLeaks Backers 'Anonymous' to Be Probed by U.S. Grand Jury

WikiLeaks Backers 'Anonymous' to Be Probed by U.S. Grand Jury

PCJF: 'Modern-day sit-in treated by FBI like terrorist activity'

Feb. 9 (Bloomberg) -- Evidence collected by the FBI about Anonymous,
which attacked websites of four companies to punish them for blocking
contributions to WikiLeaks, will be considered this week by a U.S. grand
jury, according to court papers and an informal spokesman for the group
of activist hackers.

The federal grand jury in San Jose, California,
will begin reviewing evidence tomorrow that includes computers and
mobile phones seized from suspected leaders as prosecutors probe the
coordinated so-called denial-of-service attacks in December, according
to a federal subpoena and the spokesman, Barrett Brown. Anonymous
directed activists to target payment processors MasterCard Inc., Visa
Inc., EBay Inc.’s PayPal, and U.K.-based Moneybookers.com in public chat
rooms.

Among the evidence seized by the FBI during
multistate raids on Jan. 27 was data taken from an individual who
controls one of Anonymous’s primary servers, identified by the
organization only by his cyber-handle ‘Owen,’ Brown said.

“The FBI is breaking down people’s doors with
guns drawn,” said Mara Verheyden-Hilliard, a member of the board of the
National Lawyers Guild, which has talked with Anonymous organizers about
their legal defense. “A group of people are engaged in a modern day
electronic sit-in, and the FBI wants to treat that like it’s terrorist
activity.”

Anonymous responded on Feb. 6 by hacking a
California-based security firm that it said was aiding the probe,
hijacking 60,000 company e-mails and making them public on one of the
organization’s servers. The e-mails included a proposal by the company
to develop a malware tracking program for the U.S. government’s Defense
Advanced Research Projects Agency (DARPA), among other confidential
documents.

Drawn Guns

Jenny Shearer, a Federal Bureau of Investigation
spokeswoman, said the agency couldn’t comment on the probe or its
targets. She said “it’s not unusual” to have drawn guns during the
execution of a search warrant until “the situation is secure.”

The subpoena shows federal investigators are
trying to piece together the workings of an elusive group composed of
hundreds of hackers and activists stretched across several countries.
Brown said about a dozen members are able to influence the direction of
Anonymous.

Agents served a grand jury subpoena on a
California man who goes by the screen name ‘Trivette,’ ordering him to
appear before the panel tomorrow. It demands all information he has on
how the December attacks were organized, including instructions to
activists on how to download software that can overwhelm websites by
inundating them with thousands of service requests a second.

‘Names, Handles’

The subpoena requested information on the group’s
hierarchy and structure, including “names, handles, e-mail accounts, or
IP addresses,” according to a copy provided to Bloomberg News by the
organization.

The FBI also raided the home of a 19-year-old
Nevada woman, Brown said. Agents seized two computers, including one
owned by her father, her iPhone, two flash drives and a router, Brown
said.

Among other recent high-profile attacks,
Anonymous has claimed in public statements responsibility for crashing
government websites in Egypt and Tunisia to support political protests.

Brown said the group, whose activities have
sparked an international investigation and five arrests in Britain, is
dedicated to “the defense of liberty.” Its goal is “a perpetual
revolution across the world that goes on until governments are basically
overwhelmed and results in a freer system,” he said.

History of Retaliation

Several cyber-security experts declined to speak
about the group or its activities on the record because of its history
of retaliating against critics, such as the Feb. 6 attack on a cyber
security firm HBGary Federal, which Anonymous accused of aiding the
government’s investigation.

Shearer, the FBI spokeswoman, declined to comment on any cooperation between the agency and the security firm.

Aaron Barr, the head of security services for the
Sacramento-based company, was quoted in the Financial Times on Feb. 4
saying that he had information on the identity of Anonymous leaders that
he planned to release at a cyber conference this month.

The following day, the group hacked into the
company’s network and took more than 60,000 internal e-mails and began
releasing them last night, Brown said. It also hijacked the Twitter
accounts of HBGary’s employees, using them to post personal information
such as social security numbers and addresses, he said.

In one e-mail provided by Anonymous, HBGary Chief
Executive Officer Greg Hoglund discussed a possible “60 Minutes”
interview on Anonymous, as well as how the security firm could use it to
their advantage.

Public ‘Hero’

“Position Aaron as a hero to the public,” Hoglund
wrote to Barr and Karen Burke, the firm’s spokeswoman. “I think these
guys are going to get arrested, it would be interesting to leave the
soft impression that Aaron is the one that got them, and that without
Aaron the Feds would have never been able to get out of their own way.”

Burke declined to comment on that communication
or the other e-mails or whether the firm negotiated with Anonymous to
retrieve the internal communications before they became public, as the
group claimed.

Investigation Continuing

“The investigation into our breach is still
ongoing so it would be premature to comment further at this time,”
HBGary Federal President Penny Leavy said in a statement.

The exposure has the potential to be extremely
damaging to the security company and its reputation, said Susan
Freiwald, an expert on cyber security and law at the University of San
Francisco.

“It’s a security firm,” Freiwald said. “It’s especially sensitive for them to be portrayed as insecure.”

The search warrants issued by the FBI in some
cases referred to possible violations of the Computer Fraud and Abuse
Act, the main federal anti-hacking statute, Brown said.

The law can be used to prosecute
denial-of-service attacks, according to a Justice Department manual
relating to computer crime and intellectual property posted on the
agency website. Prosecutors must prove an attack caused at least $5,000
in damage to a company or its operations, a threshold the December
attacks probably meets, Freiwald said.

No One Arrested

No one has been arrested yet in the U.S. in
connection with the probe, Brown said. The Lawyers Guild’s
Verheyden-Hilliard said the attacks against PayPal or MasterCard should
be viewed as a form of modern-day civil disobedience, the equivalent of
blocking a company’s virtual storefront.

Those attacks may have slowed or disabled the
companies’ websites temporarily without affecting their payment
processing functions, the companies said.

“Civil disobedience is historically more
effective when the state intervenes in a heavy-handed way,” said Ryan
Calo, an expert in cyber crime at Stanford University in Stanford,
California. “It is not just the act but also all the follow-up -- the
subpoenas, arrests, a trial. That’s all part of the act of civil
disobedience.”